It should be common knowledge by now that the European Union’s General Data Protection Regulation (GDPR) is coming into force this year. As businesses begin to feel the pressure of the upcoming compliance deadline, a huge influx of information on the subject has appeared online. With GDPR fast approaching, it’s important to be sure that you know the facts before the May 25th deadline arrives. In this blog, we’ve taken some of the more popular myths that have been cropping up and debunked them.
Brexit Means We Won’t Be Affected
As GDPR is an EU regulation, there is talk that the United Kingdom will no longer be affected once we leave the EU. This isn’t true - in fact, the information office commissioner (ICO) has said that GDPR will remain exactly as it is once we leave the EU, almost exactly a year after GDPR comes into force. In fact, GDPR isn’t even solely an EU regulation - American companies that offer goods and services to the EU will also come under scrutiny.
Enormous Fines For Non-Compliance Are Going To Be The Norm
When talking about the penalties for non-compliance, a lot of focus is on the fines - and they are large. In fact, you could be fined 4% of your turnover, or up to £17 million, for not complying with GDPR. Despite this, these fines are going to be rare and likely only handed out to companies actively flouting the law. Instead, warnings, reprimands and corrective orders are more likely to be used, hitting the company’s reputation rather than its finances.
Personal Data Already Collected Will Not Be Subject To GDPR
There is a belief among businesses that data collected prior to GDPR coming into effect won’t be subject to the regulation. This isn’t the case - even if you collected the data before GDPR comes into force, that data will still fall under the regulation once it takes effect in May. Personal data in this instance also includes IP addresses and cookie tracking.
Everyone Will Need To Appoint a Data Protection Officer
With GDPR on the horizon, businesses are thinking about making changes among their personnel. One such change is the appointment of a data protection officer - however, a lot of businesses won’t need to have a data protection officer at all. Under GDPR, you’ll have to appoint one if you’re a public authority, if you carry out large-scale systematic monitoring of individuals or if you carry out large-scale processing of special data (or data relating to criminal convictions). Apart from that, it’s unlikely you’ll need one.
GDPR Will Be a Revolution in Data Management
There’s a lot of talk surrounding the impending arrival of GDPR and how it will revolutionise the way businesses handle data. The fact is, however, that the regulation is being designed as an evolution, not a revolution, as the information office commissioner has been keen to point out. GDPR will keep the same principles as before and simply build on them, rather than completely rewrite them. Those businesses that already follow the correct procedures will likely just have to review and update them somewhat, rather than change them altogether.
GDPR is coming. Are you a business owner who needs help figuring out how it will affect you? Get in touch on 01189 100 012 and we can help.